Commit graph

760 commits

Author SHA1 Message Date
Manav Rathi eec5409a69 installation: allow profile modification to be skipped (#1072)
The current behaviour modifies the first writeable file from amongst
.bash_profile, .bash_login and .profile.  So .bash_profile (if it is
writable) would be modified even if a user has already sourced nix.sh
in, say, .profile.

This commit introduces a new environment variable,
NIX_INSTALLER_NO_MODIFY_PROFILE.  If this is set during installation,
then the modifications are unconditionally skipped.

This is useful for users who have a manually curated set of dotfiles
that they are porting to a new machine. In such scenarios, nix.sh is
already sourced at a place where the user prefers.  Without this
change, the nix installer would insist on modifying .bash_profile if
it exists.

This commit also add documentations for both the current behaviour and
the new override.
2016-11-03 18:02:29 +01:00
Eelco Dolstra fb2dd32100 SSL_CERT_FILE -> NIX_SSL_CERT_FILE
This prevents collisions with the "native" OpenSSL, in particular on
OS X.

Fixes #921.
2016-10-13 17:09:10 +02:00
Shea Levy 87b189c2b3 Merge branch 'nix-build-c++' 2016-08-31 12:10:21 -04:00
Shea Levy 572aba284a Merge branch 'nix-channel-c++' 2016-08-31 09:49:24 -04:00
Jude Taylor 596e4a5693 remove old traces of resolve-system-dependencies 2016-08-13 15:27:49 -07:00
Shea Levy 59124228b3 nix-channel: implement in c++ 2016-08-11 11:34:43 -04:00
Shea Levy 6e51af8023 Nuke nix-push.
Rarely used, nix copy replaces it.
2016-08-10 11:13:11 -04:00
Shea Levy a6eed133c5 Remove download-from-binary-cache.pl.in.
We have BinaryCacheStore now
2016-08-10 08:43:33 -04:00
Shea Levy e3128014db Remove scripts/show-duplication.pl
Was added in 2006 to "measure the cost of the Nix approach".

Given that it uses /usr/bin/perl, I think this is safe to remove.
2016-08-10 08:40:58 -04:00
Shea Levy 15c035c13f Remove nix-install-package.
Refs #831
2016-08-10 08:20:51 -04:00
Shea Levy 80ebc553ec nix-build: Port to c++
This was a dumb line-for-line rewrite, because nix build/nix run/etc.
will replace it.
2016-08-09 07:42:20 -04:00
Alexey Shmalko eef754813f Set $MANPATH (#1005)
Currently, man has issues finding man pages for Nix-installed
application (also, `nix-env --help` doesn't work). The issue is caused
by custom `$MANPATH` set by my system. That makes man use it instead of
searching in default location.

Either of next lines workaround the issue:
```sh
unset MANPATH

export MANPATH=$HOME/.nix-profile/share/man:$MANPATH
```

This patch adds the later line to the `nix-profile.sh` if user has
`MANPATH` set. (Not clearing `MANPATH` as that would be disrespect of
user's preferences.)

As a side-effect, host's man might find man pages installed by Nix.
2016-07-29 12:00:11 +02:00
Shea Levy ee3032e4de Merge branch 'find-runtime-roots-c++' 2016-07-24 07:33:49 -04:00
Shea Levy 3c68a661f2 resolve-system-dependencies.pl: Only install on darwin 2016-07-21 19:00:54 -04:00
Shea Levy 3c46fe62b8 find-runtime-roots: fold into gc.cc 2016-07-21 07:04:41 -04:00
Eelco Dolstra 4494000e04 LocalStore: Allow the physical and logical store directories to differ
This is primarily to subsume the functionality of the
copy-from-other-stores substituter. For example, in the NixOS
installer, we can now do (assuming we're in the target chroot, and the
Nix store of the installation CD is bind-mounted on /tmp/nix):

  $ nix-build ... --option substituters 'local?state=/tmp/nix/var&real=/tmp/nix/store'

However, unlike copy-from-other-stores, this also allows write access
to such a store. One application might be fetching substitutes for
/nix/store in a situation where the user doesn't have sufficient
privileges to create /nix, e.g.:

  $ NIX_REMOTE="local?state=/home/alice/nix/var&real=/home/alice/nix/store" nix-build ...
2016-06-02 16:02:48 +02:00
Eelco Dolstra 33664f0e8d Fix reference to $NIX_LINK 2016-05-31 15:14:24 +02:00
Eelco Dolstra c9ff3747db nix-profile.sh: Don't pollute the environment 2016-05-31 13:07:10 +02:00
Eelco Dolstra c2d27d30cf nix-copy-closure / build-remote.pl: Disable signature checking
This restores the Nix 1.11 behaviour.
2016-05-31 11:48:05 +02:00
Gabriel Gonzalez 3889415bf8 Fix ?? in Nix warning message
Nix sometimes outputs a warning message like this:

```
directory /nix does not exist; creating it by running ‘?? using sudo
```

... when it really meant to output something that looked like this:

```
directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown gabriel /nix' using sudo
```

The reason why is due to some bizarre behavior in Bash where it will translate anything of the form `$x’` to `??`, leading to the incorrect warning message.  I don't know what is the origin of this Bash behavior, but the easiest fix is to just use ASCII quotes instead of unicode quotes.
2016-05-18 12:02:48 -07:00
Eelco Dolstra f435f82475 Remove OpenSSL-based signing 2016-05-04 11:01:48 +02:00
Eelco Dolstra 80f739b571 Merge pull request #883 from sheenobu/bugfix/ruby_shebang
Workaround to support ruby as an interpreter
2016-05-03 11:14:21 +02:00
Eelco Dolstra aa3bc3d5dc Eliminate the substituter mechanism
Substitution is now simply a Store -> Store copy operation, most
typically from BinaryCacheStore to LocalStore.
2016-04-29 13:57:08 +02:00
Eelco Dolstra 6e1b099279 Remove --print-build-trace
This was added to support Hydra, but Hydra no longer uses it.
2016-04-25 19:18:45 +02:00
Eelco Dolstra 41633f9f73 Improved logging abstraction
This also gets rid of --log-type, since the nested log type isn't
useful in a multi-threaded situation, and nobody cares about the
"pretty" log type.
2016-04-25 19:18:45 +02:00
Sheena Artrip 2989783f64
Workaround to support ruby as an interpreter 2016-04-18 13:16:59 -04:00
Eelco Dolstra a54736355a install-nix-from-closure: Don't run nix-store --verify
Verification is slow. Also, we really shouldn't advise users to nuke
their store.
2016-04-14 12:50:01 +02:00
Shea Levy 1b3e704fb9 Merge branch 'patch-2' of git://github.com/wmertens/nix
install-nix-from-closure improvments
2016-04-12 07:33:04 -04:00
Eelco Dolstra 867967265b Remove manifest support
Manifests have been superseded by binary caches for years. This also
gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
2016-04-11 16:20:15 +02:00
Wout Mertens af4fb6ef61 Bring nix-profile.sh in line with NixOS
Use the same logic as NixOS' profile and environment setup. Closes #414
2016-04-10 23:45:52 +02:00
Wout Mertens ef00999fb7 Remove information about nix-store --optimise 2016-04-10 21:55:26 +02:00
wmertens 4916d92092 Always verify nix store on install
Just wasted a couple hours chasing shadows because the nix store got
corrupted and there was no indication of that anywhere.

Since an install is one-time only, might as well verify.  Optimization
showed that the copied files aren't read-only; fixed that as well.

Also, use /bin/sh since there's a good chance that this script will be
run on systems without /bin/bash
2016-04-10 21:55:26 +02:00
Shea Levy 4f011bccf8 Merge branch 'master' of git://github.com/stepcut/nix 2016-02-19 18:21:41 -05:00
Eelco Dolstra c4d22997f3 Add C++ functions for .narinfo processing / signing
This is currently only used by the Hydra queue runner rework, but like
eff5021eaa it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)
2016-02-16 16:38:44 +01:00
Peter Simons 92063851b1 nix-profile.sh.in: find ca-bundle.pem on openSUSE Tumbleweed machines 2016-02-16 10:15:05 +01:00
Peter Simons bd42510e49 nix-profile.sh.in: quote use of $HOME in shell arguments
All other places in the script do this already, so let's be consistent.
2016-02-12 13:24:25 +01:00
Alex Cruice ad0dc41899 Check shell profile is writeable before modifying
The `set -e` at the top of the script causes the installation to fail to
complete if the shell profile is not writeable. Checking file existence
only is not enough.
2016-02-10 11:57:50 +01:00
Brian McKenna 3baf8be1d1 Fix broken call to shellwords
nix-shell shebangs were broken by 9018deab
2016-01-20 16:35:16 +01:00
Philip Potter 4f3cf06c97 Verify TLS certificate before downloading binaries
The --insecure flag to curl tells curl not to bother checking if the TLS
certificate presented by the server actually matches the hostname
requested, and actually is issued by a trusted CA chain.  This almost
entirely negates any benefit from using TLS in the first place.

This removes the --insecure flag to ensure we actually have a secure
connection to the intended hostname before downloading binaries.

Manually tested locally within a dev-shell; was able to download
binaries from https://cache.nixos.org without issue.

[Note: --insecure was only used for fetching NARs, whose integrity is
verified by Nix anyway using the hash from the .narinfo. But if we can
fetch the .narinfo without --insecure, we can also fetch the .nar, so
there is not much point to using --insecure. --Eelco]
2016-01-05 14:19:46 +01:00
Fabian Schmitthenner 0eb200e569 propagate NIX_BUILD_SHELL also in pure builds document NIX_BUILD_SHELL in the nix-shell command documentation 2016-01-05 14:11:20 +01:00
Brian McKenna 9018deab6c Use shellwords for nix-shell shebang
Previously we can't have quoted arguments.

This now allows us to use things like `ghcWithPackages`
2015-12-07 11:31:26 +11:00
Jeremy Shaw 3afa16e16f Clarify installation error message that is shown when /nix/store exists but is not writable by the user 2015-12-06 11:00:03 -06:00
Eelco Dolstra c0d4173263 Set default binary-caches-parallel-connections to 25
Some benchmarking suggested this as a good value. Running

  $ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>'

gave the following mean elapsed times for these values of N:

N=10:  3.3541
N=20:  2.9320
N=25:  2.6690
N=30:  2.9417
N=50:  3.2021
N=100: 3.5718
N=150: 4.2079

Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB).

Closes #708.
2015-11-25 17:13:11 +01:00
Jude Taylor 279fa8f618 reintroduce host deps in tandem with sandbox profiles 2015-11-21 15:57:06 -08:00
Eelco Dolstra 9ee15abe30 Fix bad characters in "copying 7 missing paths from ..." 2015-11-10 16:12:26 +01:00
Shea Levy fef8c3a5ab resolve-system-dependencies.pl: Simplify union impl
Patch by @pikajude
2015-10-21 18:18:03 -04:00
Jude Taylor f5a7739171 appropriately handle lock acquisition failures in resolve-system-dependencies.pl 2015-10-21 14:38:35 -07:00
Jude Taylor ff6953cb03 Add resolve-system-dependencies.pl 2015-10-21 12:38:52 -07:00
Eelco Dolstra bec3c31608 nix-prefetch-url: Rewrite in C++ 2015-10-01 16:47:43 +02:00
Utku Demir a49514a2e2 Also set CURLOPT_SSL_VERIFYHOST=0 when "verify-https-binary-caches" is false
This makes that option even more insecure, by also not checking the SSL host.

But without this parameter, one can still get SSL errors even when
"verify-https-binary-caches" is false, which is unexpected IMO.
2015-09-25 22:34:08 +03:00